mirror of
https://github.com/octoleo/docker-joomla.git
synced 2024-11-08 13:54:07 +00:00
268 lines
8.3 KiB
Docker
268 lines
8.3 KiB
Docker
{{
|
|
def is_alpine:
|
|
env.variant | index("alpine")
|
|
-}}
|
|
# from https://downloads.joomla.org/technical-requirements
|
|
FROM php:{{ env.phpVersion }}-{{ env.variant }}
|
|
LABEL maintainer="{{ env.joomlaMaintainers }}"
|
|
|
|
# Disable remote database security requirements.
|
|
ENV JOOMLA_INSTALLATION_DISABLE_LOCALHOST_CHECK=1
|
|
{{ if is_alpine then ( -}}
|
|
RUN set -eux; \
|
|
apk add --no-cache \
|
|
# in theory, docker-entrypoint.sh is POSIX-compliant, but priority is a working, consistent image
|
|
bash \
|
|
# Ghostscript is required for rendering PDF previews
|
|
ghostscript \
|
|
# Alpine package for "imagemagick" contains ~120 .so files
|
|
imagemagick \
|
|
{{ if env.joomlaPackageType == "tar.zst" then ( -}}
|
|
# Needed for the zst joomla package
|
|
zstd \
|
|
{{ ) else "" end -}}
|
|
;
|
|
{{ ) else ( -}}
|
|
RUN set -eux; \
|
|
apt-get update; \
|
|
apt-get install -y --no-install-recommends \
|
|
# Ghostscript is required for rendering PDF previews
|
|
ghostscript \
|
|
{{ if env.joomlaPackageType == "tar.zst" then ( -}}
|
|
# Needed for the zst joomla package
|
|
zstd \
|
|
{{ ) else "" end -}}
|
|
; \
|
|
rm -rf /var/lib/apt/lists/*
|
|
{{ ) end -}}
|
|
|
|
# install the PHP extensions we need.
|
|
RUN set -ex; \
|
|
\
|
|
{{ if is_alpine then ( -}}
|
|
apk add --no-cache --virtual .build-deps \
|
|
$PHPIZE_DEPS \
|
|
autoconf \
|
|
bzip2-dev \
|
|
gmp-dev \
|
|
icu-dev \
|
|
freetype-dev \
|
|
imagemagick-dev \
|
|
libjpeg-turbo-dev \
|
|
libmemcached-dev \
|
|
libpng-dev \
|
|
libwebp-dev \
|
|
libzip-dev \
|
|
openldap-dev \
|
|
pcre-dev \
|
|
postgresql-dev \
|
|
; \
|
|
{{ ) else ( -}}
|
|
savedAptMark="$(apt-mark showmanual)"; \
|
|
\
|
|
apt-get update; \
|
|
apt-get install -y --no-install-recommends \
|
|
libbz2-dev \
|
|
libgmp-dev \
|
|
libicu-dev \
|
|
libfreetype6-dev \
|
|
libjpeg-dev \
|
|
libldap2-dev \
|
|
libmemcached-dev \
|
|
libmagickwand-dev \
|
|
libpq-dev \
|
|
libpng-dev \
|
|
libwebp-dev \
|
|
libzip-dev \
|
|
; \
|
|
{{ ) end -}}
|
|
\
|
|
docker-php-ext-configure gd \
|
|
--with-freetype \
|
|
--with-jpeg \
|
|
--with-webp \
|
|
; \
|
|
{{ if is_alpine then ( -}}
|
|
docker-php-ext-configure ldap; \
|
|
{{ ) else ( -}}
|
|
debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
|
|
docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
|
|
{{ ) end -}}
|
|
docker-php-ext-install -j "$(nproc)" \
|
|
bz2 \
|
|
bcmath \
|
|
exif \
|
|
gd \
|
|
gmp \
|
|
intl \
|
|
ldap \
|
|
mysqli \
|
|
pdo_mysql \
|
|
pdo_pgsql \
|
|
pgsql \
|
|
zip \
|
|
; \
|
|
{{ if is_alpine then ( -}}
|
|
# WARNING: imagick is likely not supported on Alpine: https://github.com/Imagick/imagick/issues/328
|
|
{{ ) else "" end -}}
|
|
# https://pecl.php.net/package/imagick
|
|
{{ if true then ( -}}
|
|
# https://github.com/Imagick/imagick/commit/5ae2ecf20a1157073bad0170106ad0cf74e01cb6 (causes a lot of build failures, but strangely only intermittent ones)
|
|
# see also https://github.com/Imagick/imagick/pull/641
|
|
# this is "pecl install imagick-3.7.0", but by hand so we can apply a small hack / part of the above commit
|
|
# Thanks to @tianon https://github.com/docker-library/wordpress/commit/509adb58cbc7463a03e317931df65868ec8a3e92
|
|
curl -fL -o imagick.tgz 'https://pecl.php.net/get/imagick-3.7.0.tgz'; \
|
|
echo '5a364354109029d224bcbb2e82e15b248be9b641227f45e63425c06531792d3e *imagick.tgz' | sha256sum -c -; \
|
|
tar --extract --directory /tmp --file imagick.tgz imagick-3.7.0; \
|
|
grep '^//#endif$' /tmp/imagick-3.7.0/Imagick.stub.php; \
|
|
test "$(grep -c '^//#endif$' /tmp/imagick-3.7.0/Imagick.stub.php)" = '1'; \
|
|
sed -i -e 's!^//#endif$!#endif!' /tmp/imagick-3.7.0/Imagick.stub.php; \
|
|
grep '^//#endif$' /tmp/imagick-3.7.0/Imagick.stub.php && exit 1 || :; \
|
|
docker-php-ext-install /tmp/imagick-3.7.0; \
|
|
rm -rf imagick.tgz /tmp/imagick-3.7.0; \
|
|
# TODO when imagick has another release, we should ditch this whole block and just update instead
|
|
{{ ) else ( -}}
|
|
pecl install imagick-3.7.0; \
|
|
docker-php-ext-enable imagick; \
|
|
rm -r /tmp/pear; \
|
|
{{ ) end -}}
|
|
\
|
|
# some misbehaving extensions end up outputting to stdout
|
|
out="$(php -r 'exit(0);')"; \
|
|
[ -z "$out" ]; \
|
|
err="$(php -r 'exit(0);' 3>&1 1>&2 2>&3)"; \
|
|
[ -z "$err" ]; \
|
|
\
|
|
extDir="$(php -r 'echo ini_get("extension_dir");')"; \
|
|
[ -d "$extDir" ]; \
|
|
{{ if is_alpine then ( -}}
|
|
\
|
|
# pecl will claim success even if one install fails, so we need to perform each install separately
|
|
pecl install APCu-{{ env.pecl_APCu }}; \
|
|
pecl install memcached-{{ env.pecl_memcached }}; \
|
|
pecl install redis-{{ env.pecl_redis }}; \
|
|
\
|
|
docker-php-ext-enable \
|
|
apcu \
|
|
memcached \
|
|
redis \
|
|
; \
|
|
rm -r /tmp/pear; \
|
|
\
|
|
runDeps="$( \
|
|
scanelf --needed --nobanner --format '%n#p' --recursive "$extDir" \
|
|
| tr ',' '\n' \
|
|
| sort -u \
|
|
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
|
|
)"; \
|
|
apk add --no-network --virtual .joomla-phpexts-rundeps $runDeps; \
|
|
apk del --no-network .build-deps; \
|
|
{{ ) else ( -}}
|
|
# pecl will claim success even if one install fails, so we need to perform each install separately
|
|
pecl install APCu-{{ env.pecl_APCu }}; \
|
|
pecl install memcached-{{ env.pecl_memcached }}; \
|
|
pecl install redis-{{ env.pecl_redis }}; \
|
|
\
|
|
docker-php-ext-enable \
|
|
apcu \
|
|
memcached \
|
|
redis \
|
|
; \
|
|
rm -r /tmp/pear; \
|
|
\
|
|
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
|
|
apt-mark auto '.*' > /dev/null; \
|
|
apt-mark manual $savedAptMark; \
|
|
ldd "$extDir"/*.so \
|
|
| awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
|
|
| sort -u \
|
|
| xargs -r dpkg-query --search \
|
|
| cut -d: -f1 \
|
|
| sort -u \
|
|
| xargs -rt apt-mark manual; \
|
|
\
|
|
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
|
|
rm -rf /var/lib/apt/lists/*; \
|
|
{{ ) end -}}
|
|
\
|
|
! { ldd "$extDir"/*.so | grep 'not found'; }; \
|
|
# check for output like "PHP Warning: PHP Startup: Unable to load dynamic library 'foo' (tried: ...)
|
|
err="$(php --version 3>&1 1>&2 2>&3)"; \
|
|
[ -z "$err" ]
|
|
|
|
# set recommended PHP.ini settings
|
|
# see https://secure.php.net/manual/en/opcache.installation.php
|
|
RUN set -eux; \
|
|
docker-php-ext-enable opcache; \
|
|
{ \
|
|
echo 'opcache.memory_consumption=128'; \
|
|
echo 'opcache.interned_strings_buffer=8'; \
|
|
echo 'opcache.max_accelerated_files=4000'; \
|
|
echo 'opcache.revalidate_freq=2'; \
|
|
} > /usr/local/etc/php/conf.d/opcache-recommended.ini
|
|
# set recommended error logging
|
|
RUN { \
|
|
# https://www.php.net/manual/en/errorfunc.constants.php
|
|
echo 'error_reporting = E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_RECOVERABLE_ERROR'; \
|
|
echo 'display_errors = Off'; \
|
|
echo 'display_startup_errors = Off'; \
|
|
echo 'log_errors = On'; \
|
|
echo 'error_log = /dev/stderr'; \
|
|
echo 'log_errors_max_len = 1024'; \
|
|
echo 'ignore_repeated_errors = On'; \
|
|
echo 'ignore_repeated_source = Off'; \
|
|
echo 'html_errors = Off'; \
|
|
} > /usr/local/etc/php/conf.d/error-logging.ini
|
|
{{ if env.variant == "apache" then ( -}}
|
|
|
|
RUN set -eux; \
|
|
a2enmod rewrite expires; \
|
|
\
|
|
# https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html
|
|
a2enmod remoteip; \
|
|
{ \
|
|
echo 'RemoteIPHeader X-Forwarded-For'; \
|
|
# these IP ranges are reserved for "private" use and should thus *usually* be safe inside Docker
|
|
echo 'RemoteIPInternalProxy 10.0.0.0/8'; \
|
|
echo 'RemoteIPInternalProxy 172.16.0.0/12'; \
|
|
echo 'RemoteIPInternalProxy 192.168.0.0/16'; \
|
|
echo 'RemoteIPInternalProxy 169.254.0.0/16'; \
|
|
echo 'RemoteIPInternalProxy 127.0.0.0/8'; \
|
|
} > /etc/apache2/conf-available/remoteip.conf; \
|
|
a2enconf remoteip; \
|
|
# (replace all instances of "%h" with "%a" in LogFormat)
|
|
find /etc/apache2 -type f -name '*.conf' -exec sed -ri 's/([[:space:]]*LogFormat[[:space:]]+"[^"]*)%h([^"]*")/\1%a\2/g' '{}' +
|
|
{{ ) else "" end -}}
|
|
|
|
VOLUME /var/www/html
|
|
|
|
# Define Joomla version and expected SHA512 signature
|
|
ENV JOOMLA_VERSION {{ env.joomlaVersion }}
|
|
ENV JOOMLA_SHA512 {{ env.joomlaSha512 }}
|
|
|
|
# Download package and extract to web volume
|
|
RUN set -ex; \
|
|
curl -o joomla.{{ env.joomlaPackageType }} -SL {{ env.joomlaPackage }}; \
|
|
echo "$JOOMLA_SHA512 *joomla.{{ env.joomlaPackageType }}" | sha512sum -c -; \
|
|
mkdir /usr/src/joomla; \
|
|
{{ if env.joomlaPackageType == "tar.zst" then ( -}}
|
|
tar --zstd -xf joomla.tar.zst -C /usr/src/joomla; \
|
|
{{ ) else ( -}}
|
|
tar -xf joomla.tar.bz2 -C /usr/src/joomla; \
|
|
{{ ) end -}}
|
|
rm joomla.{{ env.joomlaPackageType }}; \
|
|
chown -R www-data:www-data /usr/src/joomla
|
|
|
|
# Copy init scripts
|
|
COPY docker-entrypoint.sh /entrypoint.sh
|
|
COPY makedb.php /makedb.php
|
|
|
|
ENTRYPOINT ["/entrypoint.sh"]
|
|
{{ if env.variant == "apache" then ( -}}
|
|
CMD ["apache2-foreground"]
|
|
{{ ) else ( }}
|
|
CMD ["php-fpm"]
|
|
{{ ) end -}}
|
|
|
|
|